.\" A man page for ipa-server-certinstall
.\" Copyright (C) 2008 Red Hat, Inc.
.\" 
.\" This program is free software; you can redistribute it and/or modify
.\" it under the terms of the GNU General Public License as published by
.\" the Free Software Foundation, either version 3 of the License, or
.\" (at your option) any later version.
.\" 
.\" This program is distributed in the hope that it will be useful, but
.\" WITHOUT ANY WARRANTY; without even the implied warranty of
.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
.\" General Public License for more details.
.\" 
.\" You should have received a copy of the GNU General Public License
.\" along with this program.  If not, see <http://www.gnu.org/licenses/>.
.\" 
.\" Author: Rob Crittenden <rcritten@redhat.com>
.\" 
.TH "ipa-server-certinstall" "1" "Mar 14 2008" "IPA" "IPA Manual Pages"
.SH "NAME"
ipa\-server\-certinstall \- Install new SSL server certificates
.SH "SYNOPSIS"
ipa\-server\-certinstall [\fIOPTION\fR]... FILE...
.SH "DESCRIPTION"
Replace the current Directory server SSL certificate, Apache server SSL certificate and/or Kerberos KDC certificate with the certificate in the specified files. The files are accepted in PEM and DER certificate, PKCS#7 certificate chain, PKCS#8 and raw private key and PKCS#12 formats.

PKCS#12 is a file format used to safely transport SSL certificates and public/private keypairs.

They may be generated and managed using the NSS pk12util command or the OpenSSL pkcs12 command.

The service(s) are not automatically restarted. In order to use the newly installed certificate(s) you will need to manually restart the Directory, Apache and/or Krb5kdc servers.

If the ACME service is enabled then the web certificate must have a Subject Alternative Name (SAN) for ipa-ca.$DOMAIN.

.SH "OPTIONS"
.TP 
\fB\-d\fR, \fB\-\-dirsrv\fR
Install the certificate on the Directory Server
.TP 
\fB\-w\fR, \fB\-\-http\fR
Install the certificate in the Apache Web Server
.TP
\fB\-k\fR, \fB\-\-kdc\fR
Install the certificate in the Kerberos KDC
.TP
\fB\-\-pin\fR=\fIPIN\fR
The password to unlock the private key
.TP
\fB\-\-cert\-name\fR=\fINAME\fR
Name of the certificate to install
.TP
\fB\-p\fR, \fB\-\-dirman\-password\fR=\fIDIRMAN_PASSWORD\fR
Directory Manager password
.TP
\fB\-\-version\fR
Show the program's version and exit
.TP
\fB\-h\fR, \fB\-\-help\fR
Show the help for this program
.TP
\fB\-v\fR, \fB\-\-verbose\fR
Print debugging information
.TP
\fB\-q\fR, \fB\-\-quiet\fR
Output only errors
.TP
\fB\-\-log\-file\fR=\fIFILE\fR
Log to the given file
.SH "EXIT STATUS"
0 if the installation was successful

1 if an error occurred
